Diffstat (limited to 'src/lib/libssl/doc/ssl.3')
-rw-r--r-- src/lib/libssl/doc/ssl.3 1320
1 files changed, 0 insertions, 1320 deletions
diff --git a/src/lib/libssl/doc/ssl.3 b/src/lib/libssl/doc/ssl.3
deleted file mode 100644
index d87d7583c4..0000000000
--- a/src/lib/libssl/doc/ssl.3
+++ /dev/null
@@ -1,1320 +0,0 @@
1.\"
2.\" $OpenBSD: ssl.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
3.\"
4.Dd $Mdocdate: December 2 2014 $
5.Dt SSL 3
6.Os
7.Sh NAME
8.Nm SSL
9.Nd OpenSSL SSL/TLS library
10.Sh SYNOPSIS
11.Sh DESCRIPTION
12The OpenSSL
13.Nm ssl
14library implements the Secure Sockets Layer (SSL v2/v3) and
15Transport Layer Security (TLS v1) protocols.
16It provides a rich API which is documented here.
17.Pp
18At first the library must be initialized; see
19.Xr SSL_library_init 3 .
20.Pp
21Then an
22.Vt SSL_CTX
23object is created as a framework to establish TLS/SSL enabled connections (see
24.Xr SSL_CTX_new 3 ) .
25Various options regarding certificates, algorithms, etc., can be set in this
26object.
27.Pp
28When a network connection has been created, it can be assigned to an
29.Vt SSL
30object.
31After the
32.Vt SSL
33object has been created using
34.Xr SSL_new 3 ,
35.Xr SSL_set_fd 3
36or
37.Xr SSL_set_bio 3
38can be used to associate the network connection with the object.
39.Pp
40Then the TLS/SSL handshake is performed using
41.Xr SSL_accept 3
42or
43.Xr SSL_connect 3
44respectively.
45.Xr SSL_read 3
46and
47.Xr SSL_write 3
48are used to read and write data on the TLS/SSL connection.
49.Xr SSL_shutdown 3
50can be used to shut down the TLS/SSL connection.
51.Sh DATA STRUCTURES
52Currently the OpenSSL
53.Nm ssl
54library functions deals with the following data structures:
55.Bl -tag -width Ds
56.It Vt SSL_METHOD No (SSL Method)
57That's a dispatch structure describing the internal
58.Nm ssl
59library methods/functions which implement the various protocol versions
60(SSLv1, SSLv2 and TLSv1).
61It's needed to create an
62.Vt SSL_CTX .
63.It Vt SSL_CIPHER No (SSL Cipher)
64This structure holds the algorithm information for a particular cipher which
65is a core part of the SSL/TLS protocol.
66The available ciphers are configured on an
67.Vt SSL_CTX
68basis and the actually used ones are then part of the
69.Vt SSL_SESSION .
70.It Vt SSL_CTX No (SSL Context)
71That's the global context structure which is created by a server or client
72once per program lifetime and which holds mainly default values for the
73.Vt SSL
74structures which are later created for the connections.
75.It Vt SSL_SESSION No (SSL Session)
76This is a structure containing the current TLS/SSL session details for a
77connection:
78.Vt SSL_CIPHER Ns s, client and server certificates, keys, etc.
79.It Vt SSL No (SSL Connection)
80That's the main SSL/TLS structure which is created by a server or client per
81established connection.
82This actually is the core structure in the SSL API.
83Under run-time the application usually deals with this structure which has
84links to mostly all other structures.
85.El
86.Sh HEADER FILES
87Currently the OpenSSL
88.Nm ssl
89library provides the following C header files containing the prototypes for the
90data structures and functions:
91.Bl -tag -width Ds
92.It Pa ssl.h
93That's the common header file for the SSL/TLS API.
94Include it into your program to make the API of the
95.Nm ssl
96library available.
97It internally includes both more private SSL headers and headers from the
98.Em crypto
99library.
100Whenever you need hardcore details on the internals of the SSL API, look inside
101this header file.
102.It Pa ssl2.h
103That's the sub header file dealing with the SSLv2 protocol only.
104.Bf Em
105 Usually you don't have to include it explicitly because it's already included
106by
107.Pa ssl.h .
108.Ef
109.It Pa ssl3.h
110That's the sub header file dealing with the SSLv3 protocol only.
111.Bf Em
112Usually you don't have to include it explicitly because it's already included
113by
114.Pa ssl.h .
115.Ef
116.It Pa ssl23.h
117That's the sub header file dealing with the combined use of the SSLv2 and SSLv3
118protocols.
119.Bf Em
120Usually you don't have to include it explicitly because it's already included
121by
122.Pa ssl.h .
123.Ef
124.It Pa tls1.h
125That's the sub header file dealing with the TLSv1 protocol only.
126.Bf Em
127Usually you don't have to include it explicitly because it's already included
128by
129.Pa ssl.h .
130.Ef
131.El
132.Sh API FUNCTIONS
133The functions that the OpenSSL
134.Nm ssl
135library exports are documented below:
136.Ss DEALING WITH PROTOCOL METHODS
137Here we document the various API functions which deal with the SSL/TLS protocol
138methods defined in
139.Vt SSL_METHOD
140structures.
141.Bl -tag -width Ds
142.It Xo
143.Ft const SSL_METHOD *
144.Fn SSLv2_client_method void
145.Xc
146Constructor for the SSLv2
147.Vt SSL_METHOD
148structure for a dedicated client.
149.It Xo
150.Ft const SSL_METHOD *
151.Fn SSLv2_server_method void
152.Xc
153Constructor for the SSLv2
154.Vt SSL_METHOD
155structure for a dedicated server.
156.It Xo
157.Ft const SSL_METHOD *
158.Fn SSLv2_method void
159.Xc
160Constructor for the SSLv2
161.Vt SSL_METHOD
162structure for combined client and server.
163.It Xo
164.Ft const SSL_METHOD *
165.Fn SSLv3_client_method void
166.Xc
167Constructor for the SSLv3
168.Vt SSL_METHOD
169structure for a dedicated client.
170.It Xo
171.Ft const SSL_METHOD *
172.Fn SSLv3_server_method void
173.Xc
174Constructor for the SSLv3
175.Vt SSL_METHOD
176structure for a dedicated server.
177.It Xo
178.Ft const SSL_METHOD *
179.Fn SSLv3_method void
180.Xc
181Constructor for the SSLv3
182.Vt SSL_METHOD
183structure for combined client and server.
184.It Xo
185.Ft const SSL_METHOD *
186.Fn TLSv1_client_method void
187.Xc
188Constructor for the TLSv1
189.Vt SSL_METHOD
190structure for a dedicated client.
191.It Xo
192.Ft const SSL_METHOD *
193.Fn TLSv1_server_method void
194.Xc
195Constructor for the TLSv1
196.Vt SSL_METHOD
197structure for a dedicated server.
198.It Xo
199.Ft const SSL_METHOD *
200.Fn TLSv1_method void
201.Xc
202Constructor for the TLSv1
203.Vt SSL_METHOD
204structure for combined client and server.
205.El
206.Ss DEALING WITH CIPHERS
207Here we document the various API functions which deal with the SSL/TLS ciphers
208defined in
209.Vt SSL_CIPHER
210structures.
211.Bl -tag -width Ds
212.It Xo
213.Ft char *
214.Fn SSL_CIPHER_description "SSL_CIPHER *cipher" "char *buf" "int len"
215.Xc
216Write a string to
217.Fa buf
218(with a maximum size of
219.Fa len )
220containing a human readable description of
221.Fa cipher .
222Returns
223.Fa buf .
224.It Xo
225.Ft int
226.Fn SSL_CIPHER_get_bits "SSL_CIPHER *cipher" "int *alg_bits"
227.Xc
228Determine the number of bits in
229.Fa cipher .
230Because of export crippled ciphers there are two bits:
231the bits the algorithm supports in general (stored to
232.Fa alg_bits )
233and the bits which are actually used (the return value).
234.It Xo
235.Ft const char *
236.Fn SSL_CIPHER_get_name "SSL_CIPHER *cipher"
237.Xc
238Return the internal name of
239.Fa cipher
240as a string.
241These are the various strings defined by the
242.Dv SSL2_TXT_xxx ,
243.Dv SSL3_TXT_xxx
244and
245.Dv TLS1_TXT_xxx
246definitions in the header files.
247.It Xo
248.Ft char *
249.Fn SSL_CIPHER_get_version "SSL_CIPHER *cipher"
250.Xc
251Returns a string like
252Qq TLSv1/SSLv3
253or
254Qq SSLv2
255which indicates the SSL/TLS protocol version to which
256.Fa cipher
257belongs (i.e., where it was defined in the specification the first time).
258.El
259.Ss DEALING WITH PROTOCOL CONTEXTS
260Here we document the various API functions which deal with the SSL/TLS
261protocol context defined in the
262.Vt SSL_CTX
263structure.
264.Bl -tag -width Ds
265.It Xo
266.Ft int
267.Fn SSL_CTX_add_client_CA "SSL_CTX *ctx" "X509 *x"
268.Xc
269.It Xo
270.Ft long
271.Fn SSL_CTX_add_extra_chain_cert "SSL_CTX *ctx" "X509 *x509"
272.Xc
273.It Xo
274.Ft int
275.Fn SSL_CTX_add_session "SSL_CTX *ctx" "SSL_SESSION *c"
276.Xc
277.It Xo
278.Ft int
279.Fn SSL_CTX_check_private_key "const SSL_CTX *ctx"
280.Xc
281.It Xo
282.Ft long
283.Fn SSL_CTX_ctrl "SSL_CTX *ctx" "int cmd" "long larg" "char *parg"
284.Xc
285.It Xo
286.Ft void
287.Fn SSL_CTX_flush_sessions "SSL_CTX *s" "long t"
288.Xc
289.It Xo
290.Ft void
291.Fn SSL_CTX_free "SSL_CTX *a"
292.Xc
293.It Xo
294.Ft char *
295.Fn SSL_CTX_get_app_data "SSL_CTX *ctx"
296.Xc
297.It Xo
298.Ft X509_STORE *
299.Fn SSL_CTX_get_cert_store "SSL_CTX *ctx"
300.Xc
301.It Xo
302.Ft STACK *
303.Fn SSL_CTX_get_client_CA_list "const SSL_CTX *ctx"
304.Xc
305.It Xo
306.Ft int
307.Fn "(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))"
308.Fa "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey"
309.Xc
310.It Xo
311.Ft char *
312.Fn SSL_CTX_get_ex_data "const SSL_CTX *s" "int idx"
313.Xc
314.It Xo
315.Ft int
316.Fo SSL_CTX_get_ex_new_index
317.Fa "long argl"
318.Fa "void *argp"
319.Fa "CRYPTO_EX_new *new_func"
320.Fa "CRYPTO_EX_dup *dup_func"
321.Fa "CRYPTO_EX_free *free_func"
322.Fc
323.Xc
324.It Xo
325.Ft void
326.Fo "(*SSL_CTX_get_info_callback(const SSL_CTX *ctx))"
327.Fa "SSL *ssl"
328.Fa "int cb"
329.Fa "int ret"
330.Fc
331.Xc
332.It Xo
333.Ft int
334.Fn SSL_CTX_get_quiet_shutdown "const SSL_CTX *ctx"
335.Xc
336.It Xo
337.Ft int
338.Fn SSL_CTX_get_session_cache_mode "SSL_CTX *ctx"
339.Xc
340.It Xo
341.Ft long
342.Fn SSL_CTX_get_timeout "const SSL_CTX *ctx"
343.Xc
344.It Xo
345.Ft int
346.Fo "(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))"
347.Fa "int ok"
348.Fa "X509_STORE_CTX *ctx"
349.Fc
350.Xc
351.It Xo
352.Ft int
353.Fn SSL_CTX_get_verify_mode "SSL_CTX *ctx"
354.Xc
355.It Xo
356.Ft int
357.Fn SSL_CTX_load_verify_locations "SSL_CTX *ctx" "char *CAfile" "char *CApath"
358.Xc
359.It Xo
360.Ft long
361.Fn SSL_CTX_need_tmp_RSA "SSL_CTX *ctx"
362.Xc
363.It Xo
364.Ft SSL_CTX *
365.Fn SSL_CTX_new "const SSL_METHOD *meth"
366.Xc
367.It Xo
368.Ft int
369.Fn SSL_CTX_remove_session "SSL_CTX *ctx" "SSL_SESSION *c"
370.Xc
371.It Xo
372.Ft int
373.Fn SSL_CTX_sess_accept "SSL_CTX *ctx"
374.Xc
375.It Xo
376.Ft int
377.Fn SSL_CTX_sess_accept_good "SSL_CTX *ctx"
378.Xc
379.It Xo
380.Ft int
381.Fn SSL_CTX_sess_accept_renegotiate "SSL_CTX *ctx"
382.Xc
383.It Xo
384.Ft int
385.Fn SSL_CTX_sess_cache_full "SSL_CTX *ctx"
386.Xc
387.It Xo
388.Ft int
389.Fn SSL_CTX_sess_cb_hits "SSL_CTX *ctx"
390.Xc
391.It Xo
392.Ft int
393.Fn SSL_CTX_sess_connect "SSL_CTX *ctx"
394.Xc
395.It Xo
396.Ft int
397.Fn SSL_CTX_sess_connect_good "SSL_CTX *ctx"
398.Xc
399.It Xo
400.Ft int
401.Fn SSL_CTX_sess_connect_renegotiate "SSL_CTX *ctx"
402.Xc
403.It Xo
404.Ft int
405.Fn SSL_CTX_sess_get_cache_size "SSL_CTX *ctx"
406.Xc
407.It Xo
408.Ft SSL_SESSION *
409.Fo "(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))"
410.Fa "SSL *ssl"
411.Fa "unsigned char *data"
412.Fa "int len"
413.Fa "int *copy"
414.Fc
415.Xc
416.It Xo
417.Ft int
418.Fn "(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))" "SSL *ssl" "SSL_SESSION *sess"
419.Xc
420.It Xo
421.Ft void
422.Fo "(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))"
423.Fa "SSL_CTX *ctx"
424.Fa "SSL_SESSION *sess"
425.Fc
426.Xc
427.It Xo
428.Ft int
429.Fn SSL_CTX_sess_hits "SSL_CTX *ctx"
430.Xc
431.It Xo
432.Ft int
433.Fn SSL_CTX_sess_misses "SSL_CTX *ctx"
434.Xc
435.It Xo
436.Ft int
437.Fn SSL_CTX_sess_number "SSL_CTX *ctx"
438.Xc
439.It Xo
440.Ft void
441.Fn SSL_CTX_sess_set_cache_size "SSL_CTX *ctx" "long t"
442.Xc
443.It Xo
444.Ft void
445.Fo SSL_CTX_sess_set_get_cb
446.Fa "SSL_CTX *ctx"
447.Fa "SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy)"
448.Fc
449.Xc
450.It Xo
451.Ft void
452.Fo SSL_CTX_sess_set_new_cb
453.Fa "SSL_CTX *ctx"
454.Fa "int (*cb)(SSL *ssl, SSL_SESSION *sess)"
455.Fc
456.Xc
457.It Xo
458.Ft void
459.Fo SSL_CTX_sess_set_remove_cb
460.Fa "SSL_CTX *ctx"
461.Fa "void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)"
462.Fc
463.Xc
464.It Xo
465.Ft int
466.Fn SSL_CTX_sess_timeouts "SSL_CTX *ctx"
467.Xc
468.It Xo
469.Ft LHASH *
470.Fn SSL_CTX_sessions "SSL_CTX *ctx"
471.Xc
472.It Xo
473.Ft void
474.Fn SSL_CTX_set_app_data "SSL_CTX *ctx" "void *arg"
475.Xc
476.It Xo
477.Ft void
478.Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *cs"
479.Xc
480.It Xo
481.Ft void
482.Fn SSL_CTX_set_cert_verify_cb "SSL_CTX *ctx" "int (*cb)()" "char *arg"
483.Xc
484.It Xo
485.Ft int
486.Fn SSL_CTX_set_cipher_list "SSL_CTX *ctx" "char *str"
487.Xc
488.It Xo
489.Ft void
490.Fn SSL_CTX_set_client_CA_list "SSL_CTX *ctx" "STACK *list"
491.Xc
492.It Xo
493.Ft void
494.Fo SSL_CTX_set_client_cert_cb
495.Fa "SSL_CTX *ctx"
496.Fa "int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)"
497.Fc
498.Xc
499.It Xo
500.Ft void
501.Fn SSL_CTX_set_default_passwd_cb "SSL_CTX *ctx" "pem_password_cb *cb"
502.Xc
503.It Xo
504.Ft void
505.Fn SSL_CTX_set_default_read_ahead "SSL_CTX *ctx" "int m"
506.Xc
507.It Xo
508.Ft int
509.Fn SSL_CTX_set_default_verify_paths "SSL_CTX *ctx"
510.Xc
511.It Xo
512.Ft int
513.Fn SSL_CTX_set_ex_data "SSL_CTX *s" "int idx" "char *arg"
514.Xc
515.It Xo
516.Ft void
517.Fo SSL_CTX_set_info_callback
518.Fa "SSL_CTX *ctx"
519.Fa "void (*cb)(SSL *ssl, int cb, int ret)"
520.Fc
521.Xc
522.It Xo
523.Ft void
524.Fo SSL_CTX_set_msg_callback
525.Fa "SSL_CTX *ctx"
526.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, \
527size_t len, SSL *ssl, void *arg)"
528.Fc
529.Xc
530.It Xo
531.Ft void
532.Fn SSL_CTX_set_msg_callback_arg "SSL_CTX *ctx" "void *arg"
533.Xc
534.It Xo
535.Ft void
536.Fn SSL_CTX_set_options "SSL_CTX *ctx" "unsigned long op"
537.Xc
538.It Xo
539.Ft void
540.Fn SSL_CTX_set_quiet_shutdown "SSL_CTX *ctx" "int mode"
541.Xc
542.It Xo
543.Ft void
544.Fn SSL_CTX_set_session_cache_mode "SSL_CTX *ctx" "int mode"
545.Xc
546.It Xo
547.Ft int
548.Fn SSL_CTX_set_ssl_version "SSL_CTX *ctx" "const SSL_METHOD *meth"
549.Xc
550.It Xo
551.Ft void
552.Fn SSL_CTX_set_timeout "SSL_CTX *ctx" "long t"
553.Xc
554.It Xo
555.Ft long
556.Fn SSL_CTX_set_tmp_dh "SSL_CTX* ctx" "DH *dh"
557.Xc
558.It Xo
559.Ft long
560.Fn SSL_CTX_set_tmp_dh_callback "SSL_CTX *ctx" "DH *(*cb)(void)"
561.Xc
562.It Xo
563.Ft long
564.Fn SSL_CTX_set_tmp_rsa "SSL_CTX *ctx" "RSA *rsa"
565.Xc
566.It Xo
567.Fn SSL_CTX_set_tmp_rsa_callback
568.Xc
569.Ft long
570.Fo SSL_CTX_set_tmp_rsa_callback
571.Fa "SSL_CTX *ctx"
572.Fa "RSA *(*cb)(SSL *ssl, int export, int keylength)"
573.Fc
574.Pp
575Sets the callback which will be called when a temporary private key is
576required.
577The
578.Fa export
579flag will be set if the reason for needing a temp key is that an export
580ciphersuite is in use, in which case,
581.Fa keylength
582will contain the required keylength in bits.
583.\" XXX using what?
584Generate a key of appropriate size (using ???) and return it.
585.It Xo
586.Fn SSL_set_tmp_rsa_callback
587.Xc
588.Ft long
589.Fo SSL_set_tmp_rsa_callback
590.Fa "SSL *ssl"
591.Fa "RSA *(*cb)(SSL *ssl, int export, int keylength)"
592.Fc
593.Pp
594The same as
595.Fn SSL_CTX_set_tmp_rsa_callback ,
596except it operates on an
597.Vt SSL
598session instead of a context.
599.It Xo
600.Ft void
601.Fn SSL_CTX_set_verify "SSL_CTX *ctx" "int mode" "int (*cb)(void)"
602.Xc
603.It Xo
604.Ft int
605.Fn SSL_CTX_use_PrivateKey "SSL_CTX *ctx" "EVP_PKEY *pkey"
606.Xc
607.It Xo
608.Ft int
609.Fo SSL_CTX_use_PrivateKey_ASN1
610.Fa "int type"
611.Fa "SSL_CTX *ctx"
612.Fa "unsigned char *d"
613.Fa "long len"
614.Fc
615.Xc
616.It Xo
617.Ft int
618.Fn SSL_CTX_use_PrivateKey_file "SSL_CTX *ctx" "char *file" "int type"
619.Xc
620.It Xo
621.Ft int
622.Fn SSL_CTX_use_RSAPrivateKey "SSL_CTX *ctx" "RSA *rsa"
623.Xc
624.It Xo
625.Ft int
626.Fn SSL_CTX_use_RSAPrivateKey_ASN1 "SSL_CTX *ctx" "unsigned char *d" "long len"
627.Xc
628.It Xo
629.Ft int
630.Fn SSL_CTX_use_RSAPrivateKey_file "SSL_CTX *ctx" "char *file" "int type"
631.Xc
632.It Xo
633.Ft int
634.Fn SSL_CTX_use_certificate "SSL_CTX *ctx" "X509 *x"
635.Xc
636.It Xo
637.Ft int
638.Fn SSL_CTX_use_certificate_ASN1 "SSL_CTX *ctx" "int len" "unsigned char *d"
639.Xc
640.It Xo
641.Ft int
642.Fn SSL_CTX_use_certificate_file "SSL_CTX *ctx" "char *file" "int type"
643.Xc
644.It Xo
645.Ft void
646.Fo SSL_CTX_set_psk_client_callback
647.Fa "SSL_CTX *ctx"
648.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
649unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
650.Fc
651.Xc
652.It Xo
653.Ft int
654.Fn SSL_CTX_use_psk_identity_hint "SSL_CTX *ctx" "const char *hint"
655.Xc
656.It Xo
657.Ft void
658.Fo SSL_CTX_set_psk_server_callback
659.Fa "SSL_CTX *ctx"
660.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, \
661unsigned char *psk, int max_psk_len)"
662.Fc
663.Xc
664.El
665.Ss DEALING WITH SESSIONS
666Here we document the various API functions which deal with the SSL/TLS sessions
667defined in the
668.Vt SSL_SESSION
669structures.
670.Bl -tag -width Ds
671.It Xo
672.Ft int
673.Fn SSL_SESSION_cmp "const SSL_SESSION *a" "const SSL_SESSION *b"
674.Xc
675.It Xo
676.Ft void
677.Fn SSL_SESSION_free "SSL_SESSION *ss"
678.Xc
679.It Xo
680.Ft char *
681.Fn SSL_SESSION_get_app_data "SSL_SESSION *s"
682.Xc
683.It Xo
684.Ft char *
685.Fn SSL_SESSION_get_ex_data "const SSL_SESSION *s" "int idx"
686.Xc
687.It Xo
688.Ft int
689.Fo SSL_SESSION_get_ex_new_index
690.Fa "long argl"
691.Fa "char *argp"
692.Fa "int (*new_func)(void)"
693.Fa "int (*dup_func)(void), void (*free_func)(void)"
694.Fc
695.Xc
696.It Xo
697.Ft long
698.Fn SSL_SESSION_get_time "const SSL_SESSION *s"
699.Xc
700.It Xo
701.Ft long
702.Fn SSL_SESSION_get_timeout "const SSL_SESSION *s"
703.Xc
704.It Xo
705.Ft unsigned long
706.Fn SSL_SESSION_hash "const SSL_SESSION *a"
707.Xc
708.It Xo
709.Ft SSL_SESSION *
710.Fn SSL_SESSION_new void
711.Xc
712.It Xo
713.Ft int
714.Fn SSL_SESSION_print "BIO *bp" "const SSL_SESSION *x"
715.Xc
716.It Xo
717.Ft int
718.Fn SSL_SESSION_print_fp "FILE *fp" "const SSL_SESSION *x"
719.Xc
720.It Xo
721.Ft void
722.Fn SSL_SESSION_set_app_data "SSL_SESSION *s" "char *a"
723.Xc
724.It Xo
725.Ft int
726.Fn SSL_SESSION_set_ex_data "SSL_SESSION *s" "int idx" "char *arg"
727.Xc
728.It Xo
729.Ft long
730.Fn SSL_SESSION_set_time "SSL_SESSION *s" "long t"
731.Xc
732.It Xo
733.Ft long
734.Fn SSL_SESSION_set_timeout "SSL_SESSION *s" "long t"
735.Xc
736.El
737.Ss DEALING WITH CONNECTIONS
738Here we document the various API functions which deal with the SSL/TLS
739connection defined in the
740.Vt SSL
741structure.
742.Bl -tag -width Ds
743.It Xo
744.Ft int
745.Fn SSL_accept "SSL *ssl"
746.Xc
747.It Xo
748.Ft int
749.Fn SSL_add_dir_cert_subjects_to_stack "STACK *stack" "const char *dir"
750.Xc
751.It Xo
752.Ft int
753.Fn SSL_add_file_cert_subjects_to_stack "STACK *stack" "const char *file"
754.Xc
755.It Xo
756.Ft int
757.Fn SSL_add_client_CA "SSL *ssl" "X509 *x"
758.Xc
759.It Xo
760.Ft char *
761.Fn SSL_alert_desc_string "int value"
762.Xc
763.It Xo
764.Ft char *
765.Fn SSL_alert_desc_string_long "int value"
766.Xc
767.It Xo
768.Ft char *
769.Fn SSL_alert_type_string "int value"
770.Xc
771.It Xo
772.Ft char *
773.Fn SSL_alert_type_string_long "int value"
774.Xc
775.It Xo
776.Ft int
777.Fn SSL_check_private_key "const SSL *ssl"
778.Xc
779.It Xo
780.Ft void
781.Fn SSL_clear "SSL *ssl"
782.Xc
783.It Xo
784.Ft long
785.Fn SSL_clear_num_renegotiations "SSL *ssl"
786.Xc
787.It Xo
788.Ft int
789.Fn SSL_connect "SSL *ssl"
790.Xc
791.It Xo
792.Ft void
793.Fn SSL_copy_session_id "SSL *t" "const SSL *f"
794.Xc
795.It Xo
796.Ft long
797.Fn SSL_ctrl "SSL *ssl" "int cmd" "long larg" "char *parg"
798.Xc
799.It Xo
800.Ft int
801.Fn SSL_do_handshake "SSL *ssl"
802.Xc
803.It Xo
804.Ft SSL *
805.Fn SSL_dup "SSL *ssl"
806.Xc
807.It Xo
808.Ft STACK *
809.Fn SSL_dup_CA_list "STACK *sk"
810.Xc
811.It Xo
812.Ft void
813.Fn SSL_free "SSL *ssl"
814.Xc
815.It Xo
816.Ft SSL_CTX *
817.Fn SSL_get_SSL_CTX "const SSL *ssl"
818.Xc
819.It Xo
820.Ft char *
821.Fn SSL_get_app_data "SSL *ssl"
822.Xc
823.It Xo
824.Ft X509 *
825.Fn SSL_get_certificate "const SSL *ssl"
826.Xc
827.It Xo
828.Ft const char *
829.Fn SSL_get_cipher "const SSL *ssl"
830.Xc
831.It Xo
832.Ft int
833.Fn SSL_get_cipher_bits "const SSL *ssl" "int *alg_bits"
834.Xc
835.It Xo
836.Ft char *
837.Fn SSL_get_cipher_list "const SSL *ssl" "int n"
838.Xc
839.It Xo
840.Ft char *
841.Fn SSL_get_cipher_name "const SSL *ssl"
842.Xc
843.It Xo
844.Ft char *
845.Fn SSL_get_cipher_version "const SSL *ssl"
846.Xc
847.It Xo
848.Ft STACK *
849.Fn SSL_get_ciphers "const SSL *ssl"
850.Xc
851.It Xo
852.Ft STACK *
853.Fn SSL_get_client_CA_list "const SSL *ssl"
854.Xc
855.It Xo
856.Ft SSL_CIPHER *
857.Fn SSL_get_current_cipher "SSL *ssl"
858.Xc
859.It Xo
860.Ft long
861.Fn SSL_get_default_timeout "const SSL *ssl"
862.Xc
863.It Xo
864.Ft int
865.Fn SSL_get_error "const SSL *ssl" "int i"
866.Xc
867.It Xo
868.Ft char *
869.Fn SSL_get_ex_data "const SSL *ssl" "int idx"
870.Xc
871.It Xo
872.Ft int
873.Fn SSL_get_ex_data_X509_STORE_CTX_idx void
874.Xc
875.It Xo
876.Ft int
877.Fo SSL_get_ex_new_index
878.Fa "long argl"
879.Fa "char *argp"
880.Fa "int (*new_func)(void)"
881.Fa "int (*dup_func)(void)"
882.Fa "void (*free_func)(void)"
883.Fc
884.Xc
885.It Xo
886.Ft int
887.Fn SSL_get_fd "const SSL *ssl"
888.Xc
889.It Xo
890.Ft void
891.Fn "(*SSL_get_info_callback(const SSL *ssl))"
892.Xc
893.It Xo
894.Ft STACK *
895.Fn SSL_get_peer_cert_chain "const SSL *ssl"
896.Xc
897.It Xo
898.Ft X509 *
899.Fn SSL_get_peer_certificate "const SSL *ssl"
900.Xc
901.It Xo
902.Ft EVP_PKEY *
903.Fn SSL_get_privatekey "SSL *ssl"
904.Xc
905.It Xo
906.Ft int
907.Fn SSL_get_quiet_shutdown "const SSL *ssl"
908.Xc
909.It Xo
910.Ft BIO *
911.Fn SSL_get_rbio "const SSL *ssl"
912.Xc
913.It Xo
914.Ft int
915.Fn SSL_get_read_ahead "const SSL *ssl"
916.Xc
917.It Xo
918.Ft SSL_SESSION *
919.Fn SSL_get_session "const SSL *ssl"
920.Xc
921.It Xo
922.Ft char *
923.Fn SSL_get_shared_ciphers "const SSL *ssl" "char *buf" "int len"
924.Xc
925.It Xo
926.Ft int
927.Fn SSL_get_shutdown "const SSL *ssl"
928.Xc
929.It Xo
930.Ft const SSL_METHOD *
931.Fn SSL_get_ssl_method "SSL *ssl"
932.Xc
933.It Xo
934.Ft int
935.Fn SSL_get_state "const SSL *ssl"
936.Xc
937.It Xo
938.Ft long
939.Fn SSL_get_time "const SSL *ssl"
940.Xc
941.It Xo
942.Ft long
943.Fn SSL_get_timeout "const SSL *ssl"
944.Xc
945.It Xo
946.Ft int
947.Fn "(*SSL_get_verify_callback(const SSL *ssl))" int "X509_STORE_CTX *"
948.Xc
949.It Xo
950.Ft int
951.Fn SSL_get_verify_mode "const SSL *ssl"
952.Xc
953.It Xo
954.Ft long
955.Fn SSL_get_verify_result "const SSL *ssl"
956.Xc
957.It Xo
958.Ft char *
959.Fn SSL_get_version "const SSL *ssl"
960.Xc
961.It Xo
962.Ft BIO *
963.Fn SSL_get_wbio "const SSL *ssl"
964.Xc
965.It Xo
966.Ft int
967.Fn SSL_in_accept_init "SSL *ssl"
968.Xc
969.It Xo
970.Ft int
971.Fn SSL_in_before "SSL *ssl"
972.Xc
973.It Xo
974.Ft int
975.Fn SSL_in_connect_init "SSL *ssl"
976.Xc
977.It Xo
978.Ft int
979.Fn SSL_in_init "SSL *ssl"
980.Xc
981.It Xo
982.Ft int
983.Fn SSL_is_init_finished "SSL *ssl"
984.Xc
985.It Xo
986.Ft STACK *
987.Fn SSL_load_client_CA_file "char *file"
988.Xc
989.It Xo
990.Ft void
991.Fn SSL_load_error_strings "void"
992.Xc
993.It Xo
994.Ft SSL *
995.Fn SSL_new "SSL_CTX *ctx"
996.Xc
997.It Xo
998.Ft long
999.Fn SSL_num_renegotiations "SSL *ssl"
1000.Xc
1001.It Xo
1002.Ft int
1003.Fn SSL_peek "SSL *ssl" "void *buf" "int num"
1004.Xc
1005.It Xo
1006.Ft int
1007.Fn SSL_pending "const SSL *ssl"
1008.Xc
1009.It Xo
1010.Ft int
1011.Fn SSL_read "SSL *ssl" "void *buf" "int num"
1012.Xc
1013.It Xo
1014.Ft int
1015.Fn SSL_renegotiate "SSL *ssl"
1016.Xc
1017.It Xo
1018.Ft char *
1019.Fn SSL_rstate_string "SSL *ssl"
1020.Xc
1021.It Xo
1022.Ft char *
1023.Fn SSL_rstate_string_long "SSL *ssl"
1024.Xc
1025.It Xo
1026.Ft long
1027.Fn SSL_session_reused "SSL *ssl"
1028.Xc
1029.It Xo
1030.Ft void
1031.Fn SSL_set_accept_state "SSL *ssl"
1032.Xc
1033.It Xo
1034.Ft void
1035.Fn SSL_set_app_data "SSL *ssl" "char *arg"
1036.Xc
1037.It Xo
1038.Ft void
1039.Fn SSL_set_bio "SSL *ssl" "BIO *rbio" "BIO *wbio"
1040.Xc
1041.It Xo
1042.Ft int
1043.Fn SSL_set_cipher_list "SSL *ssl" "char *str"
1044.Xc
1045.It Xo
1046.Ft void
1047.Fn SSL_set_client_CA_list "SSL *ssl" "STACK *list"
1048.Xc
1049.It Xo
1050.Ft void
1051.Fn SSL_set_connect_state "SSL *ssl"
1052.Xc
1053.It Xo
1054.Ft int
1055.Fn SSL_set_ex_data "SSL *ssl" "int idx" "char *arg"
1056.Xc
1057.It Xo
1058.Ft int
1059.Fn SSL_set_fd "SSL *ssl" "int fd"
1060.Xc
1061.It Xo
1062.Ft void
1063.Fn SSL_set_info_callback "SSL *ssl" "void (*cb)(void)"
1064.Xc
1065.It Xo
1066.Ft void
1067.Fo SSL_set_msg_callback
1068.Fa "SSL *ctx"
1069.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, \
1070size_t len, SSL *ssl, void *arg)"
1071.Fc
1072.Xc
1073.It Xo
1074.Ft void
1075.Fn SSL_set_msg_callback_arg "SSL *ctx" "void *arg"
1076.Xc
1077.It Xo
1078.Ft void
1079.Fn SSL_set_options "SSL *ssl" "unsigned long op"
1080.Xc
1081.It Xo
1082.Ft void
1083.Fn SSL_set_quiet_shutdown "SSL *ssl" "int mode"
1084.Xc
1085.It Xo
1086.Ft void
1087.Fn SSL_set_read_ahead "SSL *ssl" "int yes"
1088.Xc
1089.It Xo
1090.Ft int
1091.Fn SSL_set_rfd "SSL *ssl" "int fd"
1092.Xc
1093.It Xo
1094.Ft int
1095.Fn SSL_set_session "SSL *ssl" "SSL_SESSION *session"
1096.Xc
1097.It Xo
1098.Ft void
1099.Fn SSL_set_shutdown "SSL *ssl" "int mode"
1100.Xc
1101.It Xo
1102.Ft int
1103.Fn SSL_set_ssl_method "SSL *ssl" "const SSL_METHOD *meth"
1104.Xc
1105.It Xo
1106.Ft void
1107.Fn SSL_set_time "SSL *ssl" "long t"
1108.Xc
1109.It Xo
1110.Ft void
1111.Fn SSL_set_timeout "SSL *ssl" "long t"
1112.Xc
1113.It Xo
1114.Ft void
1115.Fn SSL_set_verify "SSL *ssl" "int mode" "int (*callback)(void)"
1116.Xc
1117.It Xo
1118.Ft void
1119.Fn SSL_set_verify_result "SSL *ssl" "long arg"
1120.Xc
1121.It Xo
1122.Ft int
1123.Fn SSL_set_wfd "SSL *ssl" "int fd"
1124.Xc
1125.It Xo
1126.Ft int
1127.Fn SSL_shutdown "SSL *ssl"
1128.Xc
1129.It Xo
1130.Ft int
1131.Fn SSL_state "const SSL *ssl"
1132.Xc
1133.It Xo
1134.Ft char *
1135.Fn SSL_state_string "const SSL *ssl"
1136.Xc
1137.It Xo
1138.Ft char *
1139.Fn SSL_state_string_long "const SSL *ssl"
1140.Xc
1141.It Xo
1142.Ft long
1143.Fn SSL_total_renegotiations "SSL *ssl"
1144.Xc
1145.It Xo
1146.Ft int
1147.Fn SSL_use_PrivateKey "SSL *ssl" "EVP_PKEY *pkey"
1148.Xc
1149.It Xo
1150.Ft int
1151.Fn SSL_use_PrivateKey_ASN1 "int type" "SSL *ssl" "unsigned char *d" "long len"
1152.Xc
1153.It Xo
1154.Ft int
1155.Fn SSL_use_PrivateKey_file "SSL *ssl" "char *file" "int type"
1156.Xc
1157.It Xo
1158.Ft int
1159.Fn SSL_use_RSAPrivateKey "SSL *ssl" "RSA *rsa"
1160.Xc
1161.It Xo
1162.Ft int
1163.Fn SSL_use_RSAPrivateKey_ASN1 "SSL *ssl" "unsigned char *d" "long len"
1164.Xc
1165.It Xo
1166.Ft int
1167.Fn SSL_use_RSAPrivateKey_file "SSL *ssl" "char *file" "int type"
1168.Xc
1169.It Xo
1170.Ft int
1171.Fn SSL_use_certificate "SSL *ssl" "X509 *x"
1172.Xc
1173.It Xo
1174.Ft int
1175.Fn SSL_use_certificate_ASN1 "SSL *ssl" "int len" "unsigned char *d"
1176.Xc
1177.It Xo
1178.Ft int
1179.Fn SSL_use_certificate_file "SSL *ssl" "char *file" "int type"
1180.Xc
1181.It Xo
1182.Ft int
1183.Fn SSL_version "const SSL *ssl"
1184.Xc
1185.It Xo
1186.Ft int
1187.Fn SSL_want "const SSL *ssl"
1188.Xc
1189.It Xo
1190.Ft int
1191.Fn SSL_want_nothing "const SSL *ssl"
1192.Xc
1193.It Xo
1194.Ft int
1195.Fn SSL_want_read "const SSL *ssl"
1196.Xc
1197.It Xo
1198.Ft int
1199.Fn SSL_want_write "const SSL *ssl"
1200.Xc
1201.It Xo
1202.Ft int
1203.Fn SSL_want_x509_lookup "const SSL *ssl"
1204.Xc
1205.It Xo
1206.Ft int
1207.Fn SSL_write "SSL *ssl" "const void *buf" "int num"
1208.Xc
1209.It Xo
1210.Ft void
1211.Fo SSL_set_psk_client_callback
1212.Fa "SSL *ssl"
1213.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
1214unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
1215.Fc
1216.Xc
1217.It Xo
1218.Ft int
1219.Fn SSL_use_psk_identity_hint "SSL *ssl" "const char *hint"
1220.Xc
1221.It Xo
1222.Ft void
1223.Fo SSL_set_psk_server_callback
1224.Fa "SSL *ssl"
1225.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, \
1226unsigned char *psk, int max_psk_len)"
1227.Fc
1228.Xc
1229.It Xo
1230.Ft const char *
1231.Fn SSL_get_psk_identity_hint "SSL *ssl"
1232.Xc
1233.It Xo
1234.Ft const char *
1235.Fn SSL_get_psk_identity "SSL *ssl"
1236.Xc
1237.El
1238.Sh SEE ALSO
1239.Xr openssl 1 ,
1240.Xr crypto 3 ,
1241.Xr d2i_SSL_SESSION 3 ,
1242.Xr SSL_accept 3 ,
1243.Xr SSL_alert_type_string 3 ,
1244.Xr SSL_CIPHER_get_name 3 ,
1245.Xr SSL_clear 3 ,
1246.Xr SSL_COMP_add_compression_method 3 ,
1247.Xr SSL_connect 3 ,
1248.Xr SSL_CTX_add_extra_chain_cert 3 ,
1249.Xr SSL_CTX_add_session 3 ,
1250.Xr SSL_CTX_ctrl 3 ,
1251.Xr SSL_CTX_flush_sessions 3 ,
1252.Xr SSL_CTX_get_ex_new_index 3 ,
1253.Xr SSL_CTX_get_verify_mode 3 ,
1254.Xr SSL_CTX_load_verify_locations 3 ,
1255.Xr SSL_CTX_new 3 ,
1256.Xr SSL_CTX_sess_number 3 ,
1257.Xr SSL_CTX_sess_set_cache_size 3 ,
1258.Xr SSL_CTX_sess_set_get_cb 3 ,
1259.Xr SSL_CTX_sessions 3 ,
1260.Xr SSL_CTX_set_cert_store 3 ,
1261.Xr SSL_CTX_set_cert_verify_callback 3 ,
1262.Xr SSL_CTX_set_cipher_list 3 ,
1263.Xr SSL_CTX_set_client_CA_list 3 ,
1264.Xr SSL_CTX_set_client_cert_cb 3 ,
1265.Xr SSL_CTX_set_default_passwd_cb 3 ,
1266.Xr SSL_CTX_set_generate_session_id 3 ,
1267.Xr SSL_CTX_set_info_callback 3 ,
1268.Xr SSL_CTX_set_max_cert_list 3 ,
1269.Xr SSL_CTX_set_mode 3 ,
1270.Xr SSL_CTX_set_msg_callback 3 ,
1271.Xr SSL_CTX_set_options 3 ,
1272.Xr SSL_CTX_set_psk_client_callback 3 ,
1273.Xr SSL_CTX_set_quiet_shutdown 3 ,
1274.Xr SSL_CTX_set_session_cache_mode 3 ,
1275.Xr SSL_CTX_set_session_id_context 3 ,
1276.Xr SSL_CTX_set_ssl_version 3 ,
1277.Xr SSL_CTX_set_timeout 3 ,
1278.Xr SSL_CTX_set_tmp_dh_callback 3 ,
1279.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
1280.Xr SSL_CTX_set_verify 3 ,
1281.Xr SSL_CTX_use_certificate 3 ,
1282.Xr SSL_CTX_use_psk_identity_hint 3 ,
1283.Xr SSL_do_handshake 3 ,
1284.Xr SSL_get_ciphers 3 ,
1285.Xr SSL_get_client_CA_list 3 ,
1286.Xr SSL_get_default_timeout 3 ,
1287.Xr SSL_get_error 3 ,
1288.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ,
1289.Xr SSL_get_ex_new_index 3 ,
1290.Xr SSL_get_fd 3 ,
1291.Xr SSL_get_peer_cert_chain 3 ,
1292.Xr SSL_get_psk_identity 3 ,
1293.Xr SSL_get_rbio 3 ,
1294.Xr SSL_get_session 3 ,
1295.Xr SSL_get_SSL_CTX 3 ,
1296.Xr SSL_get_verify_result 3 ,
1297.Xr SSL_get_version 3 ,
1298.Xr SSL_library_init 3 ,
1299.Xr SSL_load_client_CA_file 3 ,
1300.Xr SSL_new 3 ,
1301.Xr SSL_pending 3 ,
1302.Xr SSL_read 3 ,
1303.Xr SSL_rstate_string 3 ,
1304.Xr SSL_SESSION_free 3 ,
1305.Xr SSL_SESSION_get_ex_new_index 3 ,
1306.Xr SSL_SESSION_get_time 3 ,
1307.Xr SSL_session_reused 3 ,
1308.Xr SSL_set_bio 3 ,
1309.Xr SSL_set_connect_state 3 ,
1310.Xr SSL_set_fd 3 ,
1311.Xr SSL_set_session 3 ,
1312.Xr SSL_set_shutdown 3 ,
1313.Xr SSL_shutdown 3 ,
1314.Xr SSL_state_string 3 ,
1315.Xr SSL_want 3 ,
1316.Xr SSL_write 3
1317.Sh HISTORY
1318The
1319.Nm
1320document appeared in OpenSSL 0.9.2.
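Review bot: missing documentation after this removal: the page is deleted whole (0 insertions, 1320 deletions) and this diff, limited to ssl.3, shows no replacement, so the DESCRIPTION walkthrough of the call order (SSL_library_init, SSL_CTX_new, SSL_new, SSL_set_fd or SSL_set_bio, SSL_accept or SSL_connect, SSL_read and SSL_write, SSL_shutdown) and the only prose in this file for SSL_CTX_set_tmp_rsa_callback and SSL_set_tmp_rsa_callback (old lines 566-598) go away with it. Please confirm in the commit message where that material now lives, and check that pages carrying ".Xr ssl 3" in their SEE ALSO are updated so the cross-reference does not dangle. If the text is being moved rather than dropped, the unresolved marker at old lines 583-584 (".\" XXX using what?" and "Generate a key of appropriate size (using ???) and return it.") should be resolved rather than carried over, and the protocol list at old line 60, "(SSLv1, SSLv2 and TLSv1)", should be corrected, since the constructors documented under DEALING WITH PROTOCOL METHODS are for SSLv2, SSLv3 and TLSv1.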